Language selection

Search

Manager snoops on employee’s personal bank account after employee calls in sick

Early resolved case summary #2015-06

May 22, 2015


Lessons Learned

  • An organization may be in contravention of PIPEDA if an employee accesses another individual’s personal information without a valid business purpose. This would be seen as using information for a purpose other than that for which it was collected. Organizations should ensure that their employees have a clear understanding of the importance of maintaining customer confidentiality and of the consequences of accessing a customer's personal information without a legitimate business need or proper authorization to do so.
  • To prevent and address employee snooping, organizations can read our Ten Tips for Addressing Employee Snooping.

Complaint summary

An individual who worked at a credit union alleged that her manager had accessed her personal financial information without consent. Her manager had suspected that the individual had wrongfully called in sick to attend to out-of-province family matters and, as the individual was also a customer of the credit union, accessed the transaction history in the individual’s personal bank account to see if she had been using her debit card outside of the province. The individual discovered this when her employment was terminated and her manager made comments about the incident. She sent a letter to an executive of the credit union asking whether her employment contract or the credit union’s privacy policy permitted her manager to access her personal banking information in such circumstances. The individual did not receive a conclusive response. Dissatisfied, she filed a complaint with our office.

Outcome

Our office communicated with the credit union as part of its early resolution process. The credit union agreed that the manager had accessed the individual’s account without a valid business purpose and that the individual’s personal information was therefore used for a purpose other than that for which it was collected. The credit union indicated that it would address the issue with the manager, who had been frustrated by staffing and performance issues, and would write a letter of apology to the individual.

The individual was satisfied that the credit union committed to addressing the manager’s conduct. The credit union also apologized to the individual for the manager’s actions. She considered the matter early resolved.

Report a problem or mistake on this page
Error 1: No selection was made. You must choose at least 1 answer.
Please select all that apply (required):

Note

Date modified: